| September 11 2017 | File::Path Security | Back Next |
File::Path has been repeatedly cited in CVE reports
https://nvd.nist.gov/vuln/detail/CVE-2002-0435
Race condition in the recursive (1) directory deletion and (2) directory move
in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete
directories as the user running fileutils by moving a low-level directory to a
higher level as it is being deleted, which causes fileutils to chdir to a ".."
directory that is higher than expected, possibly up to the root file system.
https://nvd.nist.gov/vuln/detail/CVE-2004-0452
Race condition in the rmtree function in the File::Path module in Perl
5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local
users to delete arbitrary files and directories, and possibly read files and
directories, via a symlink attack.
https://security-tracker.debian.org/tracker/CVE-2005-0448
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4
allows local users to create arbitrary setuid binaries in the tree being
deleted, a different vulnerability than CVE-2004-0452.
| Home Last TOC | Copyright © 2017 James E Keenan | Back Next |